RMI Over SSL

You can secure RMI communications by transmitting them over SSL. The Oracle ATG Web Commerce platform includes a class, atg.net.ssl.SSLRMISocketFactory, for creating secure sockets for RMI, and a Nucleus component that is an instance of this class, /atg/dynamo/service/socket/SSLRMISocketFactory. To enable RMI over SSL, set the RMISocketFactory property of the /atg/dynamo/server/RmiInitialization component to point to the SSLRMISocketFactory component:

RMISocketFactory=/atg/dynamo/service/socket/SSLRMISocketFactory

To use RMI over SSL, configure public and private keys and wrap the public key in a self-signed certificate. To generate a new private and public key pair with the keytool utility and wrap the public key in a new self-signed certificate:

Create a key store and trust store for each server.

Use the JDK keytool utility with the -genkey flag to generate a new self-signed certificate that wraps the public key.

Import the certificate into the trust store of each server.

Configure the /atg/dynamo/security/BasicSSLConfiguration component on each server. You must set the keyStore and trustStore properties to point to your new key store and trust store file locations. You must also set the keyStorePassword and trustStorePassword properties to the values that you used when creating the key store and trust store.
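The keytool steps above, written out as a shell sketch. This is an added example, not part of the Oracle documentation. It assumes one key pair per server, with every server's certificate imported into every trust store. The function names, file names, distinguished name and validity period are constructed placeholders, and the store password is read from a STOREPASS environment variable.

```shell
#!/bin/sh
# Added example: key store and trust store setup for RMI over SSL.
# All names, paths and the DN below are constructed placeholders.
# The password comes from the STOREPASS environment variable through
# keytool's ":env" modifier, so it does not show up in the process list.

# make_keystore <server> <dir>
# Generate a key pair wrapped in a self-signed certificate, then export
# the certificate (public part only) so other servers can trust it.
make_keystore() {
    server=$1; dir=$2
    keytool -genkey -alias "$server" -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=$server, O=Example" \
        -keystore "$dir/$server.keystore" \
        -storepass:env STOREPASS -keypass:env STOREPASS &&
    keytool -exportcert -rfc -alias "$server" \
        -keystore "$dir/$server.keystore" -storepass:env STOREPASS \
        -file "$dir/$server.cer"
}

# trust_cert <owner> <peer> <dir>
# Import <peer>'s certificate into <owner>'s trust store. The trust store
# is created on first import. -noprompt skips the interactive confirmation,
# so check the certificate fingerprint out of band before importing.
trust_cert() {
    owner=$1; peer=$2; dir=$3
    keytool -importcert -noprompt -alias "$peer" -file "$dir/$peer.cer" \
        -keystore "$dir/$owner.truststore" -storepass:env STOREPASS
}

# setup_rmi_ssl <dir> <server>...
# One key store per server, then every certificate into every trust store.
setup_rmi_ssl() {
    dir=$1; shift
    for s in "$@"; do make_keystore "$s" "$dir" || return 1; done
    for owner in "$@"; do
        for peer in "$@"; do
            trust_cert "$owner" "$peer" "$dir" || return 1
        done
    done
}

# count_trusted <owner> <dir>
# Print the number of trusted certificate entries in <owner>'s trust store.
count_trusted() {
    keytool -list -keystore "$2/$1.truststore" -storepass:env STOREPASS |
        grep -c trustedCertEntry
}
```

For example, `STOREPASS=... setup_rmi_ssl /path/to/stores server1 server2` produces the files that the keyStore and trustStore properties of BasicSSLConfiguration point to on each server. The private key never leaves its own key store; only the exported .cer files are copied between servers.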

For more information about SSL keys and certificates, and for documentation about the Java Secure Socket Extension (JSSE) APIs, see the Oracle Web site.